Patents by Inventor Gerald S. Lathem
Gerald S. Lathem has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).
-
Patent number: 8239942
Abstract: Various embodiments of a method and system for detecting unauthorized signatures to or from a local network. Multiple sensors are connected at an internetworking device, which can be a router or a switch. The sensors operate in parallel and each receives a portion of traffic through the internetworking device, at a session-based level or at a lower (packet-based) level. Depending on the type of internetworking device (router or switch) the load balancing mechanism that distributes the packets can be internal or external to the internetworking device. Also depending on the level of packet distribution (session-based or packet-based), the sensors share a network analyzer (if session-based) or both a network analyzer and a session analyzer (if packet-based).
Type: Grant
Filed: May 16, 2005
Date of Patent: August 7, 2012
Assignee: Cisco Technology, Inc.
Inventors: Steven D. Shanklin, Gerald S. Lathem
-
Patent number: 8037528
Abstract: In one embodiment, a technique for enhancing the inspection of data sent from a server is provided. By modifying a client request in an effort to prevent the transformation (e.g., encoding and/or compression) of data by the server, unencoded data may be received, which can be inspected without the overhead associated with first decoding the data. Further, in the event the data is encoded despite modifying the client request to prevent such encoding, the server may be untrustworthy and one or more appropriate actions may be taken.
Type: Grant
Filed: September 17, 2007
Date of Patent: October 11, 2011
Assignee: Cisco Technology, Inc.
Inventors: Craig Allen Williams, Gerald S. Lathem
-
Patent number: 7526806
Abstract: According to one embodiment of the invention, a computerized method for addressing intrusion attacks directed at a computer includes receiving a data stream corresponding to a potential attack on the computer and calculating an event risk rating for the data stream. Calculating the event risk rating includes determining at least one component risk rating. In one embodiment, the component risk ratings are: a signature fidelity rating indicative of the likelihood the potential attack will affect the computer in the absence of knowledge regarding the computer, an attack relevance rating indicative of the relevance of the potential attack to the computer, and a target value rating indicative of the perceived value of the computer. The method also includes responding to the potential attack based on the calculated risk rating.
Type: Grant
Filed: November 5, 2003
Date of Patent: April 28, 2009
Assignee: Cisco Technology, Inc.
Inventors: Kevin L. Wiley, Michael L. Hall, Gerald S. Lathem, Robert E. Gleichauf
-
Publication number: 20080098477
Abstract: In one embodiment, a technique for enhancing the inspection of data sent from a server is provided. By modifying a client request in an effort to prevent the transformation (e.g., encoding and/or compression) of data by the server, unencoded data may be received, which can be inspected without the overhead associated with first decoding the data. Further, in the event the data is encoded despite modifying the client request to prevent such encoding, the server may be untrustworthy and one or more appropriate actions may be taken.
Type: Application
Filed: September 17, 2007
Publication date: April 24, 2008
Inventors: CRAIG ALLEN WILLIAMS, Gerald S. Lathem
-
Patent number: 7017185
Abstract: A method and system for maintaining network activity data for intrusion detection includes storing data representative of network activity in datasets. The datasets include root datasets each having a root keyset and child datasets each having a child keyset with a key combination derived from and less granular than a root keyset. Child datasets are identified through their root datasets.
Type: Grant
Filed: December 21, 2000
Date of Patent: March 21, 2006
Assignee: Cisco Technology, Inc.
Inventors: Kevin L. Wiley, Gerald S. Lathem, Michael L. Hall, Jr.
-
Patent number: 6954775
Abstract: Various embodiments of a method and system for detecting unauthorized signatures to or from a local network. Multiple sensors are connected at an internetworking device, which can be a router or a switch. The sensors operate in parallel and each receives a portion of traffic through the internetworking device, at a session-based level or at a lower (packet-based) level. Depending on the type of internetworking device (router or switch) the load balancing mechanism that distributes the packets can be internal or external to the internetworking device. Also depending on the level of packet distribution (session-based or packet-based), the sensors share a network analyzer (if session-based) or both a network analyzer and a session analyzer (if packet-based).
Type: Grant
Filed: December 30, 2002
Date of Patent: October 11, 2005
Assignee: Cisco Technology, Inc.
Inventors: Steven D. Shanklin, Gerald S. Lathem
-
Patent number: 6792546
Abstract: A method of describing intrusion signatures, which are used by an intrusion detection system to detect attacks on a local network. The signatures are described using a “high level” syntax having features in common with regular expression and logical expression methodology. These high level signatures may then be compiled, or otherwise analyzed, to provide a process executable by a sensor or other processor-based signature detector.
Type: Grant
Filed: November 25, 2002
Date of Patent: September 14, 2004
Assignee: Cisco Technology, Inc.
Inventors: Steven D. Shanklin, Thomas E. Bernhard, Gerald S. Lathem
-
Patent number: 6609205
Abstract: A method of detecting signatures representing misuse of a local network. Known reference signatures having one or more common events are identified, and represented with a decision graph having one or more shared nodes. Each node of the decision graph represents the occurrence of an event. Given a set of input events, test functions associated with nodes determine the path taken during traversal of the graph. A path of the graph from the parent node to a leaf node represents the occurrence of all events that comprise a signature. The decision graph permits any of the signatures to be detected with only one traversal, and avoids the need for a separate matching process for each signature. In this manner, an entire set of all known reference signatures may be consolidated into a smaller set of decision graphs.
Type: Grant
Filed: March 18, 1999
Date of Patent: August 19, 2003
Assignee: Cisco Technology, Inc.
Inventors: Thomas E. Bernhard, Steven D. Shanklin, Gerald S. Lathem
-
Patent number: 6578147
Abstract: Various embodiments of a method and system for detecting unauthorized signatures to or from a local network. Multiple sensors are connected at an internetworking device, which can be a router or a switch. The sensors operate in parallel and each receives a portion of traffic through the internetworking device, at a session-based level or at a lower (packet-based) level. Depending on the type of internetworking device (router or switch) the load balancing mechanism that distributes the packets can be internal or external to the internetworking device. Also depending on the level of packet distribution (session-based or packet-based), the sensors share a network analyzer (if session-based) or both a network analyzer and a session analyzer (if packet-based).
Type: Grant
Filed: January 15, 1999
Date of Patent: June 10, 2003
Assignee: Cisco Technology, Inc.
Inventors: Steven D. Shanklin, Gerald S. Lathem
-
Patent number: 6487666
Abstract: A method of describing intrusion signatures, which are used by an intrusion detection system to detect attacks on a local network. The signatures are described using a “high level” syntax having features in common with regular expression and logical expression methodology. These high level signatures may then be compiled, or otherwise analyzed, to provide a process executable by a sensor or other processor-based signature detector.
Type: Grant
Filed: January 15, 1999
Date of Patent: November 26, 2002
Assignee: Cisco Technology, Inc.
Inventors: Steven D. Shanklin, Thomas E. Bernhard, Gerald S. Lathem
-
Patent number: 6415321
Abstract: A method and system for mapping a network domain provides a centralized repository for network information to support network devices, including an intrusion detection system. A domain mapping device includes an acquisition engine for acquiring network information, hypercube storage for storing network information, and a query engine for responding to queries from network devices for network information. The acquisition engine acquires network information by active scanning of network devices, passive scanning of network devices, polling of network devices, or receiving network information pushed from network devices. The network information includes device type, operating system, service and vulnerability information. The query engine provides network information in response to queries from network devices, such as intrusion detection devices that use the data to detect attacks on the vulnerabilities of the network.
Type: Grant
Filed: December 29, 1998
Date of Patent: July 2, 2002
Assignee: Cisco Technology, Inc.
Inventors: Robert E. Gleichauf, Gerald S Lathem, Scott V. Waddell